8242151: Improve OID mapping and reuse among JDK security providers for aliases registration

Use sun.security.util.KnownOIDs enum instead of hardcoding oid strings everywhere

Reviewed-by: weijun
Valerie Peng 2020-05-19 04:05:03 +00:00
parent a97932d8fc
commit 080b3b83eb
79 changed files with 2016 additions and 2080 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -1225,7 +1225,7 @@ class AVAKeyword {
return ak.oid;
}
} else {
return new ObjectIdentifier(oidString);
return ObjectIdentifier.of(oidString);
}
// no keyword found, check if OID string
@ -1243,7 +1243,7 @@ class AVAKeyword {
if (number == false) {
throw new IOException("Invalid keyword \"" + keyword + "\"");
}
return new ObjectIdentifier(keyword);
return ObjectIdentifier.of(keyword);
}
/**
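Review bot: The two call sites changed here, `return ObjectIdentifier.of(oidString);` and `return ObjectIdentifier.of(keyword);`, now pass strings taken from the parsed name to a factory whose caching behaviour is not visible on this page. If `ObjectIdentifier.of(String)` retains every instance it creates in a shared table, input-derived OID strings would accumulate there without a bound. I would keep `new ObjectIdentifier(...)` for input-derived strings, or state on the factory that only known OIDs are retained. The same question applies to `objId = ObjectIdentifier.of(oid);` in OIDMap and `oid = ObjectIdentifier.of(name);` in OIDName further down. The enclosing method starts and ends outside both hunks.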


@ -42,16 +42,16 @@ public final class AccessDescription {
private GeneralName accessLocation;
public static final ObjectIdentifier Ad_OCSP_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1");
ObjectIdentifier.of(KnownOIDs.OCSP);
public static final ObjectIdentifier Ad_CAISSUERS_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.2");
ObjectIdentifier.of(KnownOIDs.caIssuers);
public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.3");
ObjectIdentifier.of(KnownOIDs.AD_TimeStamping);
public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.5");
ObjectIdentifier.of(KnownOIDs.caRepository);
public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
this.accessMethod = accessMethod;


@ -33,6 +33,7 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.security.*;
import java.security.interfaces.*;
@ -248,21 +249,31 @@ public class AlgorithmId implements Serializable, DerEncoder {
* returns the "full" signature algorithm (Ex: SHA256withECDSA) directly.
*/
public String getName() {
String algName = nameTable.get(algid);
if (algName != null) {
return algName;
}
if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
try {
AlgorithmId paramsId =
String oidStr = algid.toString();
// first check the list of support oids
KnownOIDs o = KnownOIDs.findMatch(oidStr);
if (o == KnownOIDs.SpecifiedSHA2withECDSA) {
if (params != null) {
try {
AlgorithmId paramsId =
AlgorithmId.parse(new DerValue(params.toByteArray()));
String paramsName = paramsId.getName();
algName = makeSigAlg(paramsName, "EC");
} catch (IOException e) {
// ignore
String paramsName = paramsId.getName();
return makeSigAlg(paramsName, "EC");
} catch (IOException e) {
// ignore
}
}
}
if (o != null) {
return o.stdName();
} else {
String n = aliasOidsTable().get(oidStr);
if (n != null) {
return n;
} else {
return algid.toString();
}
}
return (algName == null) ? algid.toString() : algName;
}
public AlgorithmParameters getParameters() {
@ -280,7 +291,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
* @return DER encoded parameters, or null not present.
*/
public byte[] getEncodedParams() throws IOException {
return (params == null || algid.equals(specifiedWithECDSA_oid))
return (params == null ||
algid.toString().equals(KnownOIDs.SpecifiedSHA2withECDSA.value()))
? null
: params.toByteArray();
}
@ -474,505 +486,147 @@ public class AlgorithmId implements Serializable, DerEncoder {
* used as a "KeyPairGenerator" algorithm.
*/
private static ObjectIdentifier algOID(String name) throws IOException {
// See if algname is in printable OID ("dot-dot") notation
if (name.indexOf('.') != -1) {
if (name.startsWith("OID.")) {
return new ObjectIdentifier(name.substring("OID.".length()));
} else {
return new ObjectIdentifier(name);
}
if (name.startsWith("OID.")) {
name = name.substring("OID.".length());
}
// Digesting algorithms
if (name.equalsIgnoreCase("MD5")) {
return AlgorithmId.MD5_oid;
}
if (name.equalsIgnoreCase("MD2")) {
return AlgorithmId.MD2_oid;
}
if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
|| name.equalsIgnoreCase("SHA-1")) {
return AlgorithmId.SHA_oid;
}
if (name.equalsIgnoreCase("SHA-256") ||
name.equalsIgnoreCase("SHA256")) {
return AlgorithmId.SHA256_oid;
}
if (name.equalsIgnoreCase("SHA-384") ||
name.equalsIgnoreCase("SHA384")) {
return AlgorithmId.SHA384_oid;
}
if (name.equalsIgnoreCase("SHA-512") ||
name.equalsIgnoreCase("SHA512")) {
return AlgorithmId.SHA512_oid;
}
if (name.equalsIgnoreCase("SHA-224") ||
name.equalsIgnoreCase("SHA224")) {
return AlgorithmId.SHA224_oid;
}
if (name.equalsIgnoreCase("SHA-512/224") ||
name.equalsIgnoreCase("SHA512/224")) {
return AlgorithmId.SHA512_224_oid;
}
if (name.equalsIgnoreCase("SHA-512/256") ||
name.equalsIgnoreCase("SHA512/256")) {
return AlgorithmId.SHA512_256_oid;
}
// Various public key algorithms
if (name.equalsIgnoreCase("RSA")) {
return AlgorithmId.RSAEncryption_oid;
}
if (name.equalsIgnoreCase("RSASSA-PSS")) {
return AlgorithmId.RSASSA_PSS_oid;
}
if (name.equalsIgnoreCase("RSAES-OAEP")) {
return AlgorithmId.RSAES_OAEP_oid;
}
if (name.equalsIgnoreCase("Diffie-Hellman")
|| name.equalsIgnoreCase("DH")) {
return AlgorithmId.DH_oid;
}
if (name.equalsIgnoreCase("DSA")) {
return AlgorithmId.DSA_oid;
}
if (name.equalsIgnoreCase("EC")) {
return EC_oid;
}
if (name.equalsIgnoreCase("ECDH")) {
return AlgorithmId.ECDH_oid;
KnownOIDs k = KnownOIDs.findMatch(name);
if (k != null) {
return ObjectIdentifier.of(k);
}
// Secret key algorithms
if (name.equalsIgnoreCase("AES")) {
return AlgorithmId.AES_oid;
// unknown algorithm oids
if (name.indexOf(".") == -1) {
// see if there is a matching oid string alias mapping from
// 3rd party providers
name = name.toUpperCase(Locale.ENGLISH);
String oidStr = aliasOidsTable().get(name);
if (oidStr != null) {
return ObjectIdentifier.of(oidStr);
} return null;
} else {
return ObjectIdentifier.of(name);
}
// Common signature types
if (name.equalsIgnoreCase("MD5withRSA")
|| name.equalsIgnoreCase("MD5/RSA")) {
return AlgorithmId.md5WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("MD2withRSA")
|| name.equalsIgnoreCase("MD2/RSA")) {
return AlgorithmId.md2WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("SHAwithDSA")
|| name.equalsIgnoreCase("SHA1withDSA")
|| name.equalsIgnoreCase("SHA/DSA")
|| name.equalsIgnoreCase("SHA1/DSA")
|| name.equalsIgnoreCase("DSAWithSHA1")
|| name.equalsIgnoreCase("DSS")
|| name.equalsIgnoreCase("SHA-1/DSA")) {
return AlgorithmId.sha1WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA224WithDSA")) {
return AlgorithmId.sha224WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA256WithDSA")) {
return AlgorithmId.sha256WithDSA_oid;
}
if (name.equalsIgnoreCase("SHA1WithRSA")
|| name.equalsIgnoreCase("SHA1/RSA")) {
return AlgorithmId.sha1WithRSAEncryption_oid;
}
if (name.equalsIgnoreCase("SHA1withECDSA")
|| name.equalsIgnoreCase("ECDSA")) {
return AlgorithmId.sha1WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA224withECDSA")) {
return AlgorithmId.sha224WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA256withECDSA")) {
return AlgorithmId.sha256WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA384withECDSA")) {
return AlgorithmId.sha384WithECDSA_oid;
}
if (name.equalsIgnoreCase("SHA512withECDSA")) {
return AlgorithmId.sha512WithECDSA_oid;
}
if (name.equalsIgnoreCase("ED25519")) {
return AlgorithmId.ed25519_oid;
}
if (name.equalsIgnoreCase("ED448")) {
return AlgorithmId.ed448_oid;
}
return oidTable().get(name.toUpperCase(Locale.ENGLISH));
}
private static volatile Map<String,ObjectIdentifier> oidTable;
private static final Map<ObjectIdentifier,String> nameTable;
// oid string cache index'ed by algorithm name and oid strings
private static volatile Map<String,String> aliasOidsTable;
/** Returns the oidTable, lazily initializing it on first access. */
private static Map<String,ObjectIdentifier> oidTable()
throws IOException {
// Double checked locking; safe because oidTable is volatile
Map<String,ObjectIdentifier> tab;
if ((tab = oidTable) == null) {
// returns the aliasOidsTable, lazily initializing it on first access.
private static Map<String,String> aliasOidsTable() {
// Double checked locking; safe because aliasOidsTable is volatile
Map<String,String> tab = aliasOidsTable;
if (tab == null) {
synchronized (AlgorithmId.class) {
if ((tab = oidTable) == null)
oidTable = tab = computeOidTable();
}
}
return tab;
}
/** Collects the algorithm names from the installed providers. */
private static HashMap<String,ObjectIdentifier> computeOidTable()
throws IOException {
HashMap<String,ObjectIdentifier> tab = new HashMap<>();
for (Provider provider : Security.getProviders()) {
for (Object key : provider.keySet()) {
String alias = (String)key;
String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
int index;
if (upperCaseAlias.startsWith("ALG.ALIAS") &&
(index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
index += "OID.".length();
if (index == alias.length()) {
// invalid alias entry
break;
}
String oidString = alias.substring(index);
String stdAlgName = provider.getProperty(alias);
if (stdAlgName != null) {
stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
}
if (stdAlgName != null &&
tab.get(stdAlgName) == null) {
tab.put(stdAlgName, new ObjectIdentifier(oidString));
}
if ((tab = aliasOidsTable) == null) {
aliasOidsTable = tab = collectOIDAliases();
}
}
}
return tab;
}
/*****************************************************************/
private static boolean isKnownProvider(Provider p) {
String pn = p.getName();
String mn = p.getClass().getModule().getName();
if (pn != null && mn != null) {
return ((mn.equals("java.base") &&
(pn.equals("SUN") || pn.equals("SunRsaSign") ||
pn.equals("SunJCE") || pn.equals("SunJSSE"))) ||
(mn.equals("jdk.crypto.ec") && pn.equals("SunEC")) ||
(mn.equals("jdk.crypto.mscapi") && pn.equals("SunMSCAPI")) ||
(mn.equals("jdk.crypto.cryptoki") &&
pn.startsWith("SunPKCS11")));
} else {
return false;
}
}
/*
* HASHING ALGORITHMS
*/
private static ConcurrentHashMap<String, String> collectOIDAliases() {
ConcurrentHashMap<String, String> t = new ConcurrentHashMap<>();
for (Provider provider : Security.getProviders()) {
// skip providers which are already using SecurityProviderConstants
// and KnownOIDs
if (isKnownProvider(provider)) {
continue;
}
for (Object key : provider.keySet()) {
String alias = (String)key;
String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
int index;
if (upperCaseAlias.startsWith("ALG.ALIAS") &&
(index = upperCaseAlias.indexOf("OID.", 0)) != -1) {
index += "OID.".length();
if (index == alias.length()) {
// invalid alias entry
break;
}
String ostr = alias.substring(index);
String stdAlgName = provider.getProperty(alias);
if (stdAlgName != null) {
stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
}
// add the name->oid and oid->name mappings if none exists
if (KnownOIDs.findMatch(stdAlgName) == null) {
// not override earlier entries if it exists
t.putIfAbsent(stdAlgName, ostr);
}
if (KnownOIDs.findMatch(ostr) == null) {
// not override earlier entries if it exists
t.putIfAbsent(ostr, stdAlgName);
}
}
}
}
return t;
}
/**
* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
* OID = 1.2.840.113549.2.2
*/
public static final ObjectIdentifier MD2_oid =
ObjectIdentifier.of("1.2.840.113549.2.2");
ObjectIdentifier.of(KnownOIDs.MD2);
/**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5
*/
public static final ObjectIdentifier MD5_oid =
ObjectIdentifier.of("1.2.840.113549.2.5");
ObjectIdentifier.of(KnownOIDs.MD5);
/**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
* This is sometimes called "SHA", though that is often confusing since
* many people refer to FIPS 180 (which has an error) as defining SHA.
* OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
*/
public static final ObjectIdentifier SHA_oid =
ObjectIdentifier.of("1.3.14.3.2.26");
ObjectIdentifier.of(KnownOIDs.SHA_1);
public static final ObjectIdentifier SHA224_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.4");
ObjectIdentifier.of(KnownOIDs.SHA_224);
public static final ObjectIdentifier SHA256_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.1");
ObjectIdentifier.of(KnownOIDs.SHA_256);
public static final ObjectIdentifier SHA384_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.2");
ObjectIdentifier.of(KnownOIDs.SHA_384);
public static final ObjectIdentifier SHA512_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.3");
ObjectIdentifier.of(KnownOIDs.SHA_512);
public static final ObjectIdentifier SHA512_224_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.5");
ObjectIdentifier.of(KnownOIDs.SHA_512$224);
public static final ObjectIdentifier SHA512_256_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.2.6");
ObjectIdentifier.of(KnownOIDs.SHA_512$256);
/*
* COMMON PUBLIC KEY TYPES
*/
/*
* Note the preferred OIDs are named simply with no "OIW" or
* "PKIX" in them, even though they may point to data from these
* specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
*/
/**
* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
* Parameters include public values P and G, and may optionally specify
* the length of the private key X. Alternatively, algorithm parameters
* may be derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.113549.1.3.1
*/
public static final ObjectIdentifier DH_oid =
ObjectIdentifier.of("1.2.840.113549.1.3.1");
/**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
* Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1
*/
public static final ObjectIdentifier DH_PKIX_oid =
ObjectIdentifier.of("1.2.840.10046.2.1");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
* NIST OIW Stable Agreements part 12.
* Parameters may include public values P, Q, and G; or these may be
* derived from
* another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12
*/
public static final ObjectIdentifier DSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.12");
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
* Parameters may include public values P, Q, and G; or these may be
* derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.10040.4.1
*/
public static final ObjectIdentifier DSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.1");
/**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509.
* The algorithm parameter is a single value, the number of bits in the
* public modulus.
* OID = 2.5.8.1.1
*/
public static final ObjectIdentifier RSA_oid =
ObjectIdentifier.of("2.5.8.1.1");
ObjectIdentifier.of(KnownOIDs.DSA);
public static final ObjectIdentifier EC_oid =
ObjectIdentifier.of("1.2.840.10045.2.1");
public static final ObjectIdentifier ECDH_oid =
ObjectIdentifier.of("1.3.132.1.12");
ObjectIdentifier.of(KnownOIDs.EC);
public static final ObjectIdentifier RSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.1");
public static final ObjectIdentifier RSAES_OAEP_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.7");
public static final ObjectIdentifier mgf1_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.8");
ObjectIdentifier.of(KnownOIDs.RSA);
public static final ObjectIdentifier RSASSA_PSS_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.10");
ObjectIdentifier.of(KnownOIDs.RSASSA_PSS);
/*
* COMMON SECRET KEY TYPES
*/
public static final ObjectIdentifier AES_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.1");
/*
* COMMON SIGNATURE ALGORITHMS
*/
/**
* Identifies a signing algorithm where an MD2 digest is encrypted
* using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2
*/
public static final ObjectIdentifier md2WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.2");
/**
* Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4
*/
public static final ObjectIdentifier md5WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.4");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined by RSA DSI.
* OID = 1.2.840.113549.1.1.5
*/
public static final ObjectIdentifier sha1WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.5");
/**
* Identifies a signing algorithm where a SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29
*/
public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.29");
/**
* Identifies a signing algorithm where a SHA224 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.14
*/
public static final ObjectIdentifier sha224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.14");
/**
* Identifies a signing algorithm where a SHA256 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.11
*/
public static final ObjectIdentifier sha256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.11");
/**
* Identifies a signing algorithm where a SHA384 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.12
*/
public static final ObjectIdentifier sha384WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.12");
/**
* Identifies a signing algorithm where a SHA512 digest is
* encrypted using an RSA private key; defined by PKCS #1.
* OID = 1.2.840.113549.1.1.13
*/
public static final ObjectIdentifier sha512WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA digest is signed using the Digital Signing Algorithm (DSA).
* This should not be used.
* OID = 1.3.14.3.2.13
*/
public static final ObjectIdentifier shaWithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.13");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27
*/
public static final ObjectIdentifier sha1WithDSA_OIW_oid =
ObjectIdentifier.of("1.3.14.3.2.27");
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3
*/
public static final ObjectIdentifier sha1WithDSA_oid =
ObjectIdentifier.of("1.2.840.10040.4.3");
public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.15");
public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
ObjectIdentifier.of("1.2.840.113549.1.1.16");
public static final ObjectIdentifier sha224WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.1");
public static final ObjectIdentifier sha256WithDSA_oid =
ObjectIdentifier.of("2.16.840.1.101.3.4.3.2");
public static final ObjectIdentifier sha1WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.1");
public static final ObjectIdentifier sha224WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.1");
public static final ObjectIdentifier sha256WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.2");
public static final ObjectIdentifier sha384WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.3");
public static final ObjectIdentifier sha512WithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3.4");
public static final ObjectIdentifier specifiedWithECDSA_oid =
ObjectIdentifier.of("1.2.840.10045.4.3");
/**
* Algorithm ID for the PBE encryption algorithms from PKCS#5 and
* PKCS#12.
*/
public static final ObjectIdentifier pbeWithMD5AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.3");
public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.6");
public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.10");
public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
ObjectIdentifier.of("1.2.840.113549.1.5.11");
public static final ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.1");
public static final ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.2");
public static final ObjectIdentifier pbeWithSHA1AndDESede_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.3");
public static final ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.5");
public static final ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
ObjectIdentifier.of("1.2.840.113549.1.12.1.6");
public static final ObjectIdentifier MGF1_oid =
ObjectIdentifier.of(KnownOIDs.MGF1);
public static final ObjectIdentifier ed25519_oid =
ObjectIdentifier.of("1.3.101.112");
ObjectIdentifier.of(KnownOIDs.Ed25519);
public static final ObjectIdentifier ed448_oid =
ObjectIdentifier.of("1.3.101.113");
static {
nameTable = new HashMap<>();
nameTable.put(MD5_oid, "MD5");
nameTable.put(MD2_oid, "MD2");
nameTable.put(SHA_oid, "SHA-1");
nameTable.put(SHA224_oid, "SHA-224");
nameTable.put(SHA256_oid, "SHA-256");
nameTable.put(SHA384_oid, "SHA-384");
nameTable.put(SHA512_oid, "SHA-512");
nameTable.put(SHA512_224_oid, "SHA-512/224");
nameTable.put(SHA512_256_oid, "SHA-512/256");
nameTable.put(RSAEncryption_oid, "RSA");
nameTable.put(RSA_oid, "RSA");
nameTable.put(DH_oid, "Diffie-Hellman");
nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
nameTable.put(DSA_oid, "DSA");
nameTable.put(DSA_OIW_oid, "DSA");
nameTable.put(EC_oid, "EC");
nameTable.put(ECDH_oid, "ECDH");
nameTable.put(ed25519_oid, "ED25519");
nameTable.put(ed448_oid, "ED448");
nameTable.put(AES_oid, "AES");
nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128");
nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40");
nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128");
nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
}
ObjectIdentifier.of(KnownOIDs.Ed448);
/**
* Creates a signature algorithm name from a digest algorithm
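Review bot: `collectOIDAliases()` drops the null guard that the old `computeOidTable()` had on `stdAlgName`. `provider.getProperty(alias)` can return null, and that value now goes to `KnownOIDs.findMatch(stdAlgName)` (its null handling is not visible here) and then to `t.putIfAbsent(...)` on a `ConcurrentHashMap`, which rejects null keys and values. Because this loop reads properties registered by third-party providers, one such entry would make the lazy initialisation throw on the first `getName()` or `algOID()` call that reaches it; add `if (stdAlgName == null) continue;` right after the `getProperty` call. The `break` on an empty OID suffix, carried over from the old code, also stops scanning that provider's remaining keys, where `continue` looks like the intent.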


@ -34,9 +34,7 @@ import java.util.List;
import java.util.Map;
import java.util.Vector;
import sun.security.util.DerValue;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
/**
* This class defines the Extended Key Usage Extension, which
@ -94,24 +92,6 @@ implements CertAttrSet<String> {
public static final String NAME = "ExtendedKeyUsage";
public static final String USAGES = "usages";
// OID defined in RFC 5280 Sections 4.2.1.12
// more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
private static final Map <ObjectIdentifier, String> map =
new HashMap<ObjectIdentifier, String>();
static {
map.put(ObjectIdentifier.of("2.5.29.37.0"), "anyExtendedKeyUsage");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.1"), "serverAuth");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.2"), "clientAuth");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.3"), "codeSigning");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.4"), "emailProtection");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.5"), "ipsecEndSystem");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.6"), "ipsecTunnel");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.7"), "ipsecUser");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.8"), "timeStamping");
map.put(ObjectIdentifier.of("1.3.6.1.5.5.7.3.9"), "OCSPSigning");
};
/**
* Vector of KeyUsages for this object.
*/
@ -198,11 +178,12 @@ implements CertAttrSet<String> {
usage += "\n ";
}
String result = map.get(oid);
if (result != null) {
usage += result;
String res = oid.toString();
KnownOIDs os = KnownOIDs.findMatch(res);
if (os != null) {
usage += os.stdName();
} else {
usage += oid.toString();
usage += res;
}
first = false;
}
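Review bot: The name lookup in this loop is no longer limited to extended-key-usage purposes. `KnownOIDs.findMatch(res)` appears to search the whole enum, so an OID from another arc that shows up in the extension would be printed under that entry's `stdName()` rather than in dotted form. The removed map also fixed the exact strings (`serverAuth`, `OCSPSigning`, and so on); whether `stdName()` returns the same text is not visible on this page, so anything that compares this output may see a change. A comment such as `// display only: findMatch is not restricted to EKU purposes` would make the scope explicit. The enclosing method starts and ends outside the hunk.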


@ -29,10 +29,7 @@ import java.io.IOException;
import java.io.OutputStream;
import java.util.Enumeration;
import sun.security.util.Debug;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
/**
* This class represents the Inhibit Any-Policy Extension.
@ -76,7 +73,7 @@ implements CertAttrSet<String> {
* Object identifier for "any-policy"
*/
public static ObjectIdentifier AnyPolicy_Id =
ObjectIdentifier.of("2.5.29.32.0");
ObjectIdentifier.of(KnownOIDs.CE_CERT_POLICIES_ANY);
/**
* Attribute names.
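Review bot: `AnyPolicy_Id` is declared `public static` without `final`, so any code that can reach this class can reassign the OID that identifies any-policy. Since the initializer is being touched anyway, make it `public static final ObjectIdentifier AnyPolicy_Id =`. `NetscapeCertType_Id` in the next file section has the same declaration. The wildcard `import sun.security.util.*;` introduced in the first hunk also hides which types the file depends on; the explicit imports it replaced were clearer.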


@ -73,7 +73,7 @@ implements CertAttrSet<String> {
* Object identifier for the Netscape-Cert-Type extension.
*/
public static ObjectIdentifier NetscapeCertType_Id =
ObjectIdentifier.of("2.16.840.1.113730.1.1");
ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType);
private boolean[] bitString;


@ -136,7 +136,7 @@ public class OIDMap {
addInternal(POLICY_CONSTRAINTS, PKIXExtensions.PolicyConstraints_Id,
"sun.security.x509.PolicyConstraintsExtension");
addInternal(NETSCAPE_CERT,
ObjectIdentifier.of("2.16.840.1.113730.1.1"),
ObjectIdentifier.of(KnownOIDs.NETSCAPE_CertType),
"sun.security.x509.NetscapeCertTypeExtension");
addInternal(CERT_POLICIES, PKIXExtensions.CertificatePolicies_Id,
"sun.security.x509.CertificatePoliciesExtension");
@ -227,7 +227,7 @@ public class OIDMap {
throws CertificateException {
ObjectIdentifier objId;
try {
objId = new ObjectIdentifier(oid);
objId = ObjectIdentifier.of(oid);
} catch (IOException ioe) {
throw new CertificateException
("Invalid Object identifier: " + oid);


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -69,7 +69,7 @@ public class OIDName implements GeneralNameInterface {
*/
public OIDName(String name) throws IOException {
try {
oid = new ObjectIdentifier(name);
oid = ObjectIdentifier.of(name);
} catch (Exception e) {
throw new IOException("Unable to create OIDName: " + e);
}


@ -51,112 +51,112 @@ public class PKIXExtensions {
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier AuthorityKey_Id =
ObjectIdentifier.of("2.5.29.35");
ObjectIdentifier.of(KnownOIDs.AuthorityKeyID);
/**
* Identifies the particular public key used in an application.
*/
public static final ObjectIdentifier SubjectKey_Id =
ObjectIdentifier.of("2.5.29.14");
ObjectIdentifier.of(KnownOIDs.SubjectKeyID);
/**
* Defines the purpose of the key contained in the certificate.
*/
public static final ObjectIdentifier KeyUsage_Id =
ObjectIdentifier.of("2.5.29.15");
ObjectIdentifier.of(KnownOIDs.KeyUsage);
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
public static final ObjectIdentifier PrivateKeyUsage_Id =
ObjectIdentifier.of("2.5.29.16");
ObjectIdentifier.of(KnownOIDs.PrivateKeyUsage);
/**
* Contains the sequence of policy information terms.
*/
public static final ObjectIdentifier CertificatePolicies_Id =
ObjectIdentifier.of("2.5.29.32");
ObjectIdentifier.of(KnownOIDs.CertificatePolicies);
/**
* Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA.
*/
public static final ObjectIdentifier PolicyMappings_Id =
ObjectIdentifier.of("2.5.29.33");
ObjectIdentifier.of(KnownOIDs.PolicyMappings);
/**
* Allows additional identities to be bound to the subject of the
* certificate.
*/
public static final ObjectIdentifier SubjectAlternativeName_Id =
ObjectIdentifier.of("2.5.29.17");
ObjectIdentifier.of(KnownOIDs.SubjectAlternativeName);
/**
* Allows additional identities to be associated with the certificate
* issuer.
*/
public static final ObjectIdentifier IssuerAlternativeName_Id =
ObjectIdentifier.of("2.5.29.18");
ObjectIdentifier.of(KnownOIDs.IssuerAlternativeName);
/**
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
ObjectIdentifier.of("2.5.29.9");
ObjectIdentifier.of(KnownOIDs.SubjectDirectoryAttributes);
/**
* Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA.
*/
public static final ObjectIdentifier BasicConstraints_Id =
ObjectIdentifier.of("2.5.29.19");
ObjectIdentifier.of(KnownOIDs.BasicConstraints);
/**
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
public static final ObjectIdentifier NameConstraints_Id =
ObjectIdentifier.of("2.5.29.30");
ObjectIdentifier.of(KnownOIDs.NameConstraints);
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
public static final ObjectIdentifier PolicyConstraints_Id =
ObjectIdentifier.of("2.5.29.36");
ObjectIdentifier.of(KnownOIDs.PolicyConstraints);
/**
* Identifies how CRL information is obtained.
*/
public static final ObjectIdentifier CRLDistributionPoints_Id =
ObjectIdentifier.of("2.5.29.31");
ObjectIdentifier.of(KnownOIDs.CRLDistributionPoints);
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
public static final ObjectIdentifier CRLNumber_Id =
ObjectIdentifier.of("2.5.29.20");
ObjectIdentifier.of(KnownOIDs.CRLNumber);
/**
* Identifies the CRL distribution point for a particular CRL.
*/
public static final ObjectIdentifier IssuingDistributionPoint_Id =
ObjectIdentifier.of("2.5.29.28");
ObjectIdentifier.of(KnownOIDs.IssuingDistributionPoint);
/**
* Identifies the delta CRL.
*/
public static final ObjectIdentifier DeltaCRLIndicator_Id =
ObjectIdentifier.of("2.5.29.27");
ObjectIdentifier.of(KnownOIDs.DeltaCRLIndicator);
/**
* Identifies the reason for the certificate revocation.
*/
public static final ObjectIdentifier ReasonCode_Id =
ObjectIdentifier.of("2.5.29.21");
ObjectIdentifier.of(KnownOIDs.ReasonCode);
/**
* This extension provides a registered instruction identifier indicating
@ -164,34 +164,34 @@ public class PKIXExtensions {
* placed on hold.
*/
public static final ObjectIdentifier HoldInstructionCode_Id =
ObjectIdentifier.of("2.5.29.23");
ObjectIdentifier.of(KnownOIDs.HoldInstructionCode);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
public static final ObjectIdentifier InvalidityDate_Id =
ObjectIdentifier.of("2.5.29.24");
ObjectIdentifier.of(KnownOIDs.InvalidityDate);
/**
* Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field.
*/
public static final ObjectIdentifier ExtendedKeyUsage_Id =
ObjectIdentifier.of("2.5.29.37");
ObjectIdentifier.of(KnownOIDs.extendedKeyUsage);
/**
* Specifies whether any-policy policy OID is permitted
*/
public static final ObjectIdentifier InhibitAnyPolicy_Id =
ObjectIdentifier.of("2.5.29.54");
ObjectIdentifier.of(KnownOIDs.InhibitAnyPolicy);
/**
* Identifies the certificate issuer associated with an entry in an
* indirect CRL.
*/
public static final ObjectIdentifier CertificateIssuer_Id =
ObjectIdentifier.of("2.5.29.29");
ObjectIdentifier.of(KnownOIDs.CertificateIssuer);
/**
* This extension indicates how to access CA information and services for
@ -200,32 +200,32 @@ public class PKIXExtensions {
* services.
*/
public static final ObjectIdentifier AuthInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.1");
ObjectIdentifier.of(KnownOIDs.AuthInfoAccess);
/**
* This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears.
*/
public static final ObjectIdentifier SubjectInfoAccess_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.1.11");
ObjectIdentifier.of(KnownOIDs.SubjectInfoAccess);
/**
* Identifies how delta CRL information is obtained.
*/
public static final ObjectIdentifier FreshestCRL_Id =
ObjectIdentifier.of("2.5.29.46");
ObjectIdentifier.of(KnownOIDs.FreshestCRL);
/**
* Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate.
*/
public static final ObjectIdentifier OCSPNoCheck_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.5");
ObjectIdentifier.of(KnownOIDs.OCSPNoCheck);
/**
* This extension is used to provide nonce data for OCSP requests
* or responses.
*/
public static final ObjectIdentifier OCSPNonce_Id =
ObjectIdentifier.of("1.3.6.1.5.5.7.48.1.2");
ObjectIdentifier.of(KnownOIDs.OCSPNonceExt);
}


@ -1105,80 +1105,80 @@ public class X500Name implements GeneralNameInterface, Principal {
// OID for the "CN=" attribute, denoting a person's common name.
public static final ObjectIdentifier commonName_oid =
ObjectIdentifier.of("2.5.4.3");
ObjectIdentifier.of(KnownOIDs.CommonName);
// OID for the "SURNAME=" attribute, denoting a person's surname.
public static final ObjectIdentifier SURNAME_OID =
ObjectIdentifier.of("2.5.4.4");
ObjectIdentifier.of(KnownOIDs.Surname);
// OID for the "SERIALNUMBER=" attribute, denoting a serial number for.
// a name. Do not confuse with PKCS#9 issuerAndSerialNumber or the
// certificate serial number.
public static final ObjectIdentifier SERIALNUMBER_OID =
ObjectIdentifier.of("2.5.4.5");
ObjectIdentifier.of(KnownOIDs.SerialNumber);
// OID for the "C=" attribute, denoting a country.
public static final ObjectIdentifier countryName_oid =
ObjectIdentifier.of("2.5.4.6");
ObjectIdentifier.of(KnownOIDs.CountryName);
// OID for the "L=" attribute, denoting a locality (such as a city).
public static final ObjectIdentifier localityName_oid =
ObjectIdentifier.of("2.5.4.7");
ObjectIdentifier.of(KnownOIDs.LocalityName);
// OID for the "S=" attribute, denoting a state (such as Delaware).
public static final ObjectIdentifier stateName_oid =
ObjectIdentifier.of("2.5.4.8");
ObjectIdentifier.of(KnownOIDs.StateName);
// OID for the "STREET=" attribute, denoting a street address.
public static final ObjectIdentifier streetAddress_oid =
ObjectIdentifier.of("2.5.4.9");
ObjectIdentifier.of(KnownOIDs.StreetAddress);
// OID for the "O=" attribute, denoting an organization name.
public static final ObjectIdentifier orgName_oid =
ObjectIdentifier.of("2.5.4.10");
ObjectIdentifier.of(KnownOIDs.OrgName);
// OID for the "OU=" attribute, denoting an organizational unit name.
public static final ObjectIdentifier orgUnitName_oid =
ObjectIdentifier.of("2.5.4.11");
ObjectIdentifier.of(KnownOIDs.OrgUnitName);
// OID for the "T=" attribute, denoting a person's title.
public static final ObjectIdentifier title_oid =
ObjectIdentifier.of("2.5.4.12");
ObjectIdentifier.of(KnownOIDs.Title);
// OID for the "GIVENNAME=" attribute, denoting a person's given name.
public static final ObjectIdentifier GIVENNAME_OID =
ObjectIdentifier.of("2.5.4.42");
ObjectIdentifier.of(KnownOIDs.GivenName);
// OID for the "INITIALS=" attribute, denoting a person's initials.
public static final ObjectIdentifier INITIALS_OID =
ObjectIdentifier.of("2.5.4.43");
ObjectIdentifier.of(KnownOIDs.Initials);
// OID for the "GENERATION=" attribute, denoting Jr., II, etc.
public static final ObjectIdentifier GENERATIONQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.44");
ObjectIdentifier.of(KnownOIDs.GenerationQualifier);
// OID for the "DNQUALIFIER=" or "DNQ=" attribute, denoting DN
// disambiguating information.
public static final ObjectIdentifier DNQUALIFIER_OID =
ObjectIdentifier.of("2.5.4.46");
ObjectIdentifier.of(KnownOIDs.DNQualifier);
// OIDs from other sources which show up in X.500 names we
// expect to deal with often.
//
// OID for "IP=" IP address attributes, used with SKIP.
public static final ObjectIdentifier ipAddress_oid =
ObjectIdentifier.of("1.3.6.1.4.1.42.2.11.2.1");
ObjectIdentifier.of(KnownOIDs.SkipIPAddress);
// Domain component OID from RFC 1274, RFC 2247, RFC 5280.
//
// OID for "DC=" domain component attributes.used with DNSNames in DN
// format.
public static final ObjectIdentifier DOMAIN_COMPONENT_OID =
ObjectIdentifier.of("0.9.2342.19200300.100.1.25");
ObjectIdentifier.of(KnownOIDs.UCL_DomainComponent);
// OID for "UID=" denoting a user id, defined in RFCs 1274 & 2798.
public static final ObjectIdentifier userid_oid =
ObjectIdentifier.of("0.9.2342.19200300.100.1.1");
ObjectIdentifier.of(KnownOIDs.UCL_UserID);
/**
* Return constraint type:<ul>
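Review bot: The dotted OID value is no longer visible at any of these declarations once the literal is replaced by a `KnownOIDs` constant, so a reader auditing the attribute-to-OID mapping has to open the enum for each one. Consider keeping the value in the existing comment, e.g. `// OID 2.5.4.3 for the "CN=" attribute, denoting a person's common name.` above `commonName_oid`, and likewise for the other constants in this hunk. This matters most where the enum name differs from the field name, such as `ipAddress_oid` (`KnownOIDs.SkipIPAddress`) and `DOMAIN_COMPONENT_OID` (`KnownOIDs.UCL_DomainComponent`). The enclosing class body starts and ends outside the hunk.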


@ -252,7 +252,8 @@ public class X509CRLEntryImpl extends X509CRLEntry
*/
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
try {
byte[] ext = crlEntry.getExtensionValue("2.5.29.21");
byte[] ext = crlEntry.getExtensionValue
(KnownOIDs.ReasonCode.value());
if (ext == null) {
return null;
}
@ -402,11 +403,11 @@ public class X509CRLEntryImpl extends X509CRLEntry
if (extensions == null)
return null;
try {
String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
Extension crlExt = null;
if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid);
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
Extension ex = null;
ObjectIdentifier inCertOID;
for (Enumeration<Extension> e = extensions.getElements();
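Review bot: In the second hunk `oid` is parsed twice, once inside `OIDMap.getName(ObjectIdentifier.of(oid))` and again for `findOID` in the `extAlias == null` branch; parse it once up front with `ObjectIdentifier findOID = ObjectIdentifier.of(oid);` followed by `String extAlias = OIDMap.getName(findOID);`, which is the shape `X509CertImpl.getExtensionValue` already has in this commit. The X509CRLImpl hunk at `-1036,11` has the same duplicate. Separately, if `ObjectIdentifier.of(String)` keeps a process-wide cache keyed by the string (its definition is not on this page), these lookups would add every caller-supplied OID string to it, so it is worth confirming that the cache is bounded or that lookups driven by API input bypass it. The enclosing method starts and ends outside the hunk.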


@ -1036,11 +1036,11 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
if (extensions == null)
return null;
try {
String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
String extAlias = OIDMap.getName(ObjectIdentifier.of(oid));
Extension crlExt = null;
if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid);
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
Extension ex = null;
ObjectIdentifier inCertOID;
for (Enumeration<Extension> e = extensions.getElements();


@ -128,14 +128,6 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
protected AlgorithmId algId = null;
protected byte[] signature = null;
// recognized extension OIDS
private static final String KEY_USAGE_OID = "2.5.29.15";
private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
private static final String BASIC_CONSTRAINT_OID = "2.5.29.19";
private static final String SUBJECT_ALT_NAME_OID = "2.5.29.17";
private static final String ISSUER_ALT_NAME_OID = "2.5.29.18";
private static final String AUTH_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.1";
// number of standard key usage bits.
private static final int NUM_STANDARD_KEY_USAGE = 9;
@ -1423,7 +1415,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
*/
public byte[] getExtensionValue(String oid) {
try {
ObjectIdentifier findOID = new ObjectIdentifier(oid);
ObjectIdentifier findOID = ObjectIdentifier.of(oid);
String extAlias = OIDMap.getName(findOID);
Extension certExt = null;
CertificateExtensions exts = (CertificateExtensions)info.get(
@ -1526,7 +1518,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static List<String> getExtendedKeyUsage(X509Certificate cert)
throws CertificateParsingException {
try {
byte[] ext = cert.getExtensionValue(EXTENDED_KEY_USAGE_OID);
byte[] ext = cert.getExtensionValue
(KnownOIDs.extendedKeyUsage.value());
if (ext == null)
return null;
DerValue val = new DerValue(ext);
@ -1696,7 +1689,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate cert)
throws CertificateParsingException {
try {
byte[] ext = cert.getExtensionValue(SUBJECT_ALT_NAME_OID);
byte[] ext = cert.getExtensionValue
(KnownOIDs.SubjectAlternativeName.value());
if (ext == null) {
return null;
}
@ -1759,7 +1753,8 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
public static Collection<List<?>> getIssuerAlternativeNames(X509Certificate cert)
throws CertificateParsingException {
try {
byte[] ext = cert.getExtensionValue(ISSUER_ALT_NAME_OID);
byte[] ext = cert.getExtensionValue
(KnownOIDs.IssuerAlternativeName.value());
if (ext == null) {
return null;
}